[Samba] Different behavior when client uses "sec=none" and when provides bad user (mapped to guest)
Rowland Penny
rpenny at samba.org
Sat Jan 18 09:49:28 UTC 2025
On Fri, 17 Jan 2025 22:55:59 +0100
Carlos Alberto Balseiro Mayi via samba <samba at lists.samba.org> wrote:
>
>
> testparm -s output:
>
> > Load smb config files from /etc/smb4.conf
> > Loaded services file OK.
> > Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility
> > fallback)
> >
> > Server role: ROLE_STANDALONE
> >
> > # Global parameters
> > [global]
> > bind interfaces only = Yes
> > disable spoolss = Yes
> > dns proxy = No
> > load printers = No
> > logging = file
> > map to guest = Bad User
> > max log size = 5120
> > passdb backend = tdbsam:/var/run/samba-cache/private/passdb.tdb
> > printcap name = /dev/null
> > registry shares = Yes
> > server multi channel support = No
> > server string = TrueNAS Server
> > winbind request timeout = 2
> > workgroup = CORUSCANT
> > idmap config * : range = 90000001 - 100000000
> > fruit:zero_file_id = False
> > fruit:nfs_aces = False
> > idmap config * : backend = tdb
> > create mask = 0664
> > directory mask = 0775
> > kernel oplocks = Yes
> >
> > (REMOVED INFO FROM SHARES NOT INVOLVED IN THIS)
> >
> > [descargas]
> > ea support = No
> > guest ok = Yes
> > path = /mnt/NAS/descargas
> > read only = No
> > smbd max xattr size = 2097152
> > vfs objects = streams_xattr shadow_copy_zfs ixnas zfs_core io_uring
> > tn:vuid =
> > fruit:time machine max size = 0
> > fruit:time machine = False
> > nfs4:chown = True
> > tn:home = False
> > tn:path_suffix =
> > tn:purpose = MULTI_PROTOCOL_NFS
>
> Audit bad user:
>
> > Logon ID: '0'
> > Logon Type: 3
> > Local Address: ipv4:192.168.1.4:445
> > Remote Address: ipv4:192.168.1.100:55186
> > Service Description: SMB2
> > Auth Description: Null
> > Client Domain: ''
> > Client Account: badusertest
> > Workstation: ''
> > Became Account: Null
> > Became Domain: Null
> > Became Sid: Null
> > Mapped Account: badusertest
> > Mapped Domain: ''
> > Netlogon Computer: Null
> > Netlogon Trust Account: Null
> > Netlogon Negotiate Flags: '0x00000000'
> > Netlogon Secure Channel Type: 0
> > Netlogon Trust Account Sid: Null
> > Password Type: NTLMv2
> > Client Policy Access Check: Null
> > Server Policy Access Check: Null
> > Vers:
> > Major: 0
> > Minor: 1
> > Result:
> > Type: NTSTATUS
> > Value Raw: 3221225572
> > Value Parsed: NT_STATUS_NO_SUCH_USER
>
> smbstatus bad user:
>
> > Samba version 4.20.5-truenas
> > PID Username Group Machine
> > Protocol Version Encryption Signing
> > ----------------------------------------------------------------------------------------------------------------------------------------
> > 193273 nobody nogroup 192.168.1.100
> > (ipv4:192.168.1.100:55188) SMB3_11 - -
> > 102411 nobody nogroup 192.168.1.10
> > (ipv4:192.168.1.10:47964) SMB3_11 -
> > -
> >
> > Service pid Machine Connected at
> > Encryption Signing
> > ---------------------------------------------------------------------------------------------
> > IPC$ 102411 192.168.1.10 Fri Jan 17 18:53:13 2025 CET
> > - -
> > descargas 193273 192.168.1.100 Fri Jan 17 21:56:27 2025 CET
> > - -
> > Carpetas Personales 102411 192.168.1.10 Fri Jan 17 18:53:13 2025
> > CET
> > - -
> > IPC$ 193273 192.168.1.100 Fri Jan 17 21:56:27 2025 CET
> > - -
> >
> > Locked files:
> > Pid User(ID) DenyMode Access R/W Oplock
> > SharePath Name Time
> > --------------------------------------------------------------------------------------------------
> > 193273 65534 DENY_NONE 0x12019f RDWR BATCH
> > /mnt/NAS/descargas MiSTer/games/AO486/media/another world/another
> > world.vhd Fri Jan 17 21:58:04 2025
>
> Audit sec=none :
>
> > Logon ID: '0'
> > Logon Type: 3
> > Local Address: ipv4:192.168.1.4:445
> > Remote Address: ipv4:192.168.1.100:43240
> > Service Description: SMB2
> > Auth Description: Null
> > Client Domain: ''
> > Client Account: ''
> > Workstation: ''
> > Became Account: nobody
> > Became Domain: TRUENAS
> > Became Sid: S-1-5-21-2028966449-1147323095-3560797536-501
> > Mapped Account: ''
> > Mapped Domain: ''
> > Netlogon Computer: Null
> > Netlogon Trust Account: Null
> > Netlogon Negotiate Flags: '0x00000000'
> > Netlogon Secure Channel Type: 0
> > Netlogon Trust Account Sid: Null
> > Password Type: No-Password
> > Client Policy Access Check: Null
> > Server Policy Access Check: Null
> > Vers:
> > Major: 0
> > Minor: 1
> > Result:
> > Type: NTSTATUS
> > Value Raw: 0
> > Value Parsed: SUCCESS
>
> smbstatus sec=none:
>
> > Samba version 4.20.5-truenas
> > PID Username Group Machine
> > Protocol Version Encryption Signing
> > ----------------------------------------------------------------------------------------------------------------------------------------
> > 102411 nobody nogroup 192.168.1.10
> > (ipv4:192.168.1.10:47964) SMB3_11 -
> > - 187450 nobody nogroup 192.168.1.100
> > (ipv4:192.168.1.100:43240) SMB3_11 - -
> >
> > Service pid Machine Connected at
> > Encryption Signing
> > ---------------------------------------------------------------------------------------------
> > IPC$ 102411 192.168.1.10 Fri Jan 17 18:53:13 2025 CET
> > - -
> > IPC$ 187450 192.168.1.100 Fri Jan 17 21:44:41 2025 CET
> > - -
> > Carpetas Personales 102411 192.168.1.10 Fri Jan 17 18:53:13 2025
> > CET
> > - -
> > descargas 187450 192.168.1.100 Fri Jan 17 21:44:41 2025 CET
> > - -
> >
> > No locked files
>
> Best Regards,
>
> Carlos A. Balseiro
I think I see what is happening here, but I need to see the commands
you are using to connect to the share (where you are using 'sec=') to
confirm or deny my thinking.
Rowland
More information about the samba
mailing list